Author: coheigea
Date: Mon Apr 27 11:33:51 2009
New Revision: 768930
URL: http://svn.apache.org/viewvc?rev=768930&view=rev
Log:
[WSS-177] - Added support for encryption using a symmetric key and
EncryptedKeySHA1
- Note that previously an EncryptedKey element was always inserted in
the security header
- Added some tests
- Changed all encryption/signature parts to be a List rather than a Vector
- Cached all calls to MessageDigest("SHA-1") in a static helper
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/WSConstants.java
webservices/wss4j/trunk/src/org/apache/ws/security/action/SignatureConfirmationAction.java
webservices/wss4j/trunk/src/org/apache/ws/security/action/UsernameTokenSignedAction.java
webservices/wss4j/trunk/src/org/apache/ws/security/components/crypto/CryptoBase.java
webservices/wss4j/trunk/src/org/apache/ws/security/handler/RequestData.java
webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java
webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSS4JHandler.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecBase.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDKEncrypt.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDKSign.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java
webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedDataProcessor.java
webservices/wss4j/trunk/src/org/apache/ws/security/saml/WSSecSignatureSAML.java
webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java
webservices/wss4j/trunk/test/wssec/TestWSSecurityEncryptionParts.java
webservices/wss4j/trunk/test/wssec/TestWSSecurityNew14.java
webservices/wss4j/trunk/test/wssec/TestWSSecuritySignatureParts.java
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/WSConstants.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/WSConstants.java?rev=768930&r1=768929&r2=768930&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/WSConstants.java
(original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/WSConstants.java Mon Apr
27 11:33:51 2009
@@ -380,7 +380,7 @@
/**
* <code>ENCRYPTED_KEY_SHA1_IDENTIFIER</code> is used to set the specific
key identifier
- * ThumbprintSHA1.
+ * EncryptedKeySHA1.
*
* This identifier uses the SHA-1 digest of a security token to
* identify the security token. Please refer to chapter 7.3 of the OASIS
WSS 1.1
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/action/SignatureConfirmationAction.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/action/SignatureConfirmationAction.java?rev=768930&r1=768929&r2=768930&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/org/apache/ws/security/action/SignatureConfirmationAction.java
(original)
+++
webservices/wss4j/trunk/src/org/apache/ws/security/action/SignatureConfirmationAction.java
Mon Apr 27 11:33:51 2009
@@ -33,6 +33,7 @@
import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Document;
+import java.util.List;
import java.util.Vector;
public class SignatureConfirmationAction implements Action {
@@ -62,7 +63,7 @@
WSSecurityUtil.fetchAllActionResults(wshResult.getResults(),
WSConstants.UT_SIGN, signatureActions);
}
- Vector signatureParts = reqData.getSignatureParts();
+ List signatureParts = reqData.getSignatureParts();
// prepare a SignatureConfirmation token
WSSecSignatureConfirmation wsc = new WSSecSignatureConfirmation();
if (signatureActions.size() > 0) {
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/action/UsernameTokenSignedAction.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/action/UsernameTokenSignedAction.java?rev=768930&r1=768929&r2=768930&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/org/apache/ws/security/action/UsernameTokenSignedAction.java
(original)
+++
webservices/wss4j/trunk/src/org/apache/ws/security/action/UsernameTokenSignedAction.java
Mon Apr 27 11:33:51 2009
@@ -19,6 +19,7 @@
package org.apache.ws.security.action;
+import java.util.List;
import java.util.Vector;
import org.apache.ws.security.WSConstants;
@@ -90,7 +91,7 @@
sign.prependToHeader(reqData.getSecHeader());
builder.prependToHeader(reqData.getSecHeader());
- Vector parts = null;
+ List parts = null;
if (reqData.getSignatureParts().size() > 0) {
parts = reqData.getSignatureParts();
} else {
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/components/crypto/CryptoBase.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/components/crypto/CryptoBase.java?rev=768930&r1=768929&r2=768930&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/org/apache/ws/security/components/crypto/CryptoBase.java
(original)
+++
webservices/wss4j/trunk/src/org/apache/ws/security/components/crypto/CryptoBase.java
Mon Apr 27 11:33:51 2009
@@ -22,6 +22,7 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.util.WSSecurityUtil;
import org.bouncycastle.asn1.x509.X509Name;
@@ -453,7 +454,7 @@
MessageDigest sha = null;
try {
- sha = MessageDigest.getInstance("SHA-1");
+ sha = WSSecurityUtil.resolveMessageDigest();
sha.reset();
} catch (NoSuchAlgorithmException e) {
throw new WSSecurityException(
@@ -542,7 +543,7 @@
System.arraycopy(encoded, 22, value, 0, value.length);
MessageDigest sha;
try {
- sha = MessageDigest.getInstance("SHA-1");
+ sha = WSSecurityUtil.resolveMessageDigest();
} catch (NoSuchAlgorithmException ex) {
throw new WSSecurityException(
WSSecurityException.UNSUPPORTED_SECURITY_TOKEN,
"noSKIHandling",
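Review bot: This hunk no longer gets a fresh digest but does not call `sha.reset()` the way the first CryptoBase hunk does at line 454; if the remainder of the method (outside this hunk) does not reset before `update()`, any data left buffered in the shared instance by an earlier caller that threw between `update()` and `digest()` is folded into this SKI value. Add `sha.reset();` right after the try/catch for consistency with the other call site. The enclosing method starts and ends outside the hunk.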
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/handler/RequestData.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/handler/RequestData.java?rev=768930&r1=768929&r2=768930&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/handler/RequestData.java
(original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/handler/RequestData.java
Mon Apr 27 11:33:51 2009
@@ -25,6 +25,7 @@
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.message.WSSecHeader;
+import java.util.List;
import java.util.Vector;
import java.security.cert.X509Certificate;
@@ -46,13 +47,13 @@
private int sigKeyId = 0;
private String sigAlgorithm = null;
private String signatureDigestAlgorithm = null;
- private Vector signatureParts = new Vector();
+ private List signatureParts = new Vector();
private Crypto encCrypto = null;
private int encKeyId = 0;
private String encSymmAlgo = null;
private String encKeyTransport = null;
private String encUser = null;
- private Vector encryptParts = new Vector();
+ private List encryptParts = new Vector();
private X509Certificate encCert = null;
private int timeToLive = 300; // Timestamp: time in seconds between
creation and expiry
private WSSConfig wssConfig = null;
@@ -168,7 +169,7 @@
this.signatureDigestAlgorithm = sigDigestAlgorithm;
}
- public Vector getSignatureParts() {
+ public List getSignatureParts() {
return signatureParts;
}
@@ -212,7 +213,7 @@
this.encUser = encUser;
}
- public Vector getEncryptParts() {
+ public List getEncryptParts() {
return encryptParts;
}
@@ -245,6 +246,7 @@
public void setWssConfig(WSSConfig wssConfig) {
this.wssConfig = wssConfig;
}
+
/**
* @return Returns the vector of stored signature values.
*/
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java?rev=768930&r1=768929&r2=768930&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java
(original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java
Mon Apr 27 11:33:51 2009
@@ -50,6 +50,7 @@
import java.util.Calendar;
import java.util.Date;
import java.util.Hashtable;
+import java.util.List;
import java.util.Properties;
import java.util.Vector;
@@ -846,7 +847,7 @@
return new WSPasswordCallback(username, reason);
}
- private void splitEncParts(String tmpS, Vector parts, RequestData reqData)
+ private void splitEncParts(String tmpS, List parts, RequestData reqData)
throws WSSecurityException {
WSEncryptionPart encPart = null;
String[] rawParts = StringUtil.split(tmpS, ';');
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSS4JHandler.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSS4JHandler.java?rev=768930&r1=768929&r2=768930&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSS4JHandler.java
(original)
+++
webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSS4JHandler.java
Mon Apr 27 11:33:51 2009
@@ -183,8 +183,8 @@
*/
public boolean doSender(MessageContext mc, RequestData reqData, boolean
isRequest) throws WSSecurityException {
- reqData.getSignatureParts().removeAllElements();
- reqData.getEncryptParts().removeAllElements();
+ reqData.getSignatureParts().clear();
+ reqData.getEncryptParts().clear();
reqData.setNoSerialization(false);
/*
* Get the action first.
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecBase.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecBase.java?rev=768930&r1=768929&r2=768930&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecBase.java
(original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecBase.java
Mon Apr 27 11:33:51 2009
@@ -25,7 +25,7 @@
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-import java.util.Vector;
+import java.util.List;
/**
* This is the base class for WS Security messages. It provides common
functions
@@ -41,7 +41,7 @@
protected int keyIdentifierType = WSConstants.ISSUER_SERIAL;
- protected Vector parts = null;
+ protected List parts = null;
protected boolean doDebug = false;
@@ -56,9 +56,9 @@
/**
* Set which parts of the message to encrypt/sign. <p/>
*
- * @param parts The vector containing the WSEncryptionPart objects
+ * @param parts The list containing the WSEncryptionPart objects
*/
- public void setParts(Vector parts) {
+ public void setParts(List parts) {
this.parts = parts;
}
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDKEncrypt.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDKEncrypt.java?rev=768930&r1=768929&r2=768930&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDKEncrypt.java
(original)
+++
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDKEncrypt.java
Mon Apr 27 11:33:51 2009
@@ -36,6 +36,7 @@
import javax.crypto.SecretKey;
+import java.util.List;
import java.util.Vector;
/**
@@ -78,7 +79,7 @@
return doc;
}
- private Vector doEncryption(Document doc, byte[] secretKey, Vector
references)
+ private List doEncryption(Document doc, byte[] secretKey, List references)
throws WSSecurityException {
SecretKey key = WSSecurityUtil.prepareSecretKey(this.symEncAlgo,
secretKey);
@@ -91,7 +92,7 @@
);
}
- Vector encDataRefs = new Vector();
+ List encDataRefs = new Vector();
if (envelope == null) {
envelope = doc.getDocumentElement();
}
@@ -181,14 +182,14 @@
* creates and initializes a new Reference element.
*
* @param dataRef A <code>xenc:Reference</code> element or
<code>null</code>
- * @param references A vector containing WSEncryptionPart objects
+ * @param references A list containing WSEncryptionPart objects
* @return Returns the updated <code>xenc:Reference</code> element
* @throws WSSecurityException
*/
- public Element encryptForExternalRef(Element dataRef, Vector references)
+ public Element encryptForExternalRef(Element dataRef, List references)
throws WSSecurityException {
- Vector encDataRefs = doEncryption(document, derivedKeyBytes,
references);
+ List encDataRefs = doEncryption(document, derivedKeyBytes, references);
Element referenceList = dataRef;
if (referenceList == null) {
referenceList =
@@ -221,7 +222,7 @@
}
}
- public static Element createDataRefList(Document doc, Element
referenceList, Vector encDataRefs) {
+ public static Element createDataRefList(Document doc, Element
referenceList, List encDataRefs) {
for (int i = 0; i < encDataRefs.size(); i++) {
String dataReferenceUri = (String) encDataRefs.get(i);
Element dataReference =
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDKSign.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDKSign.java?rev=768930&r1=768929&r2=768930&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDKSign.java
(original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDKSign.java
Mon Apr 27 11:33:51 2009
@@ -49,6 +49,7 @@
import org.w3c.dom.Node;
import java.util.HashSet;
+import java.util.List;
import java.util.Set;
import java.util.Vector;
@@ -235,13 +236,13 @@
* times to add references as required. <code>addReferencesToSign()</code>
* can be called any time after <code>prepare</code>.
*
- * @param references A vector containing <code>WSEncryptionPart</code>
objects
+ * @param references A list containing <code>WSEncryptionPart</code>
objects
* that define the parts to sign.
* @param secHeader Used to compute namespaces to be inserted by
* InclusiveNamespaces to be WSI compliant.
* @throws WSSecurityException
*/
- public void addReferencesToSign(Vector references, WSSecHeader secHeader)
+ public void addReferencesToSign(List references, WSSecHeader secHeader)
throws WSSecurityException {
Transforms transforms = null;
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java?rev=768930&r1=768929&r2=768930&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java
(original)
+++
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java
Mon Apr 27 11:33:51 2009
@@ -44,6 +44,7 @@
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
+import java.util.List;
import java.util.Vector;
/**
@@ -55,7 +56,7 @@
*/
public class WSSecEncrypt extends WSSecEncryptedKey {
private static Log log = LogFactory.getLog(WSSecEncrypt.class.getName());
-
+
protected String symEncAlgo = WSConstants.AES_128;
protected String encCanonAlgo = null;
@@ -64,8 +65,6 @@
protected String embeddedKeyName = null;
- protected boolean useKeyIdentifier;
-
/**
* Symmetric key used in the EncrytpedKey.
*/
@@ -135,14 +134,6 @@
this.embeddedKeyName = embeddedKeyName;
}
- /**
- * Set this true if a key identifier must be used in the KeyInfo
- *
- * @param useKeyIdentifier
- */
- public void setUseKeyIdentifier(boolean useKeyIdentifier) {
- this.useKeyIdentifier = useKeyIdentifier;
- }
/**
* Set the name of the symmetric encryption algorithm to use.
@@ -192,14 +183,6 @@
}
/**
- * Returns if Key Identifiers should be used in KeyInfo
- * @return if Key Identifiers should be used in KeyInfo
- */
- public boolean getUseKeyIdentifier() {
- return useKeyIdentifier;
- }
-
- /**
* Initialize a WSSec Encrypt.
*
* The method prepares and initializes a WSSec Encrypt structure after the
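Review bot: `setUseKeyIdentifier` and `getUseKeyIdentifier` are public methods of WSSecEncrypt and this change removes them outright, so code compiled against the previous release fails at runtime with NoSuchMethodError rather than at compile time. Keep a no-op setter marked `@Deprecated` for one release: `/** @deprecated the key identifier is now emitted whenever keyIdentifierType is ENCRYPTED_KEY_SHA1_IDENTIFIER */ public void setUseKeyIdentifier(boolean useKeyIdentifier) { }`, with a matching getter returning `keyIdentifierType == WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER`.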
@@ -222,23 +205,23 @@
// key (session key) for this Encrypt element. This key will be
// encrypted using the public key of the receiver
//
- if (this.ephemeralKey == null) {
+ if (ephemeralKey == null) {
if (symmetricKey == null) {
KeyGenerator keyGen = getKeyGenerator();
- this.symmetricKey = keyGen.generateKey();
+ symmetricKey = keyGen.generateKey();
}
- this.ephemeralKey = this.symmetricKey.getEncoded();
+ ephemeralKey = symmetricKey.getEncoded();
}
- if (this.symmetricKey == null) {
- this.symmetricKey = WSSecurityUtil.prepareSecretKey(symEncAlgo,
this.ephemeralKey);
+ if (symmetricKey == null) {
+ symmetricKey = WSSecurityUtil.prepareSecretKey(symEncAlgo,
ephemeralKey);
}
//
// Get the certificate that contains the public key for the public key
// algorithm that will encrypt the generated symmetric (session) key.
//
- if (this.encryptSymmKey) {
+ if (encryptSymmKey) {
X509Certificate remoteCert = null;
if (useThisCert != null) {
remoteCert = useThisCert;
@@ -253,7 +236,9 @@
}
remoteCert = certs[0];
}
- prepareInternal(this.ephemeralKey, remoteCert, crypto);
+ prepareInternal(ephemeralKey, remoteCert, crypto);
+ } else {
+ encryptedEphemeralKey = ephemeralKey;
}
}
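Review bot: The new else branch at `encryptedEphemeralKey = ephemeralKey;` stores the plaintext session key bytes in a field whose name says "encrypted", and whatever later reads that field (presumably the EncryptedKeySHA1 computation via getSHA1 — confirm) will now hash the raw shared key instead of an EncryptedKey ciphertext. That may be intended for a pre-shared symmetric key, but the field name no longer describes its contents, so document it at the assignment: `// No EncryptedKey is emitted (recipient already holds the key); the EncryptedKeySHA1 identifier is computed over the raw key bytes`. Also make sure nothing downstream logs or serializes this field, since it is now key material rather than ciphertext. The prepare() method starts before this hunk.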
@@ -291,9 +276,9 @@
envelope = document.getDocumentElement();
}
- String soapNamespace = WSSecurityUtil.getSOAPNamespace(envelope);
if (parts == null) {
parts = new Vector();
+ String soapNamespace = WSSecurityUtil.getSOAPNamespace(envelope);
WSEncryptionPart encP =
new WSEncryptionPart(
WSConstants.ELEM_BODY,
@@ -304,9 +289,12 @@
}
Element refs = encryptForInternalRef(null, parts);
- addInternalRefElement(refs);
-
- prependToHeader(secHeader);
+ if (encryptedKeyElement != null) {
+ addInternalRefElement(refs);
+ prependToHeader(secHeader);
+ } else {
+ WSSecurityUtil.prependChildElement(secHeader.getSecurityHeader(),
refs);
+ }
if (bstToken != null) {
prependBSTElementToHeader(secHeader);
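Review bot: When `encryptedKeyElement` is null and `keyIdentifierType` is not ENCRYPTED_KEY_SHA1_IDENTIFIER, the doEncryption hunk later in this diff leaves `keyInfo` null, so the message ends up with EncryptedData elements that carry neither an EncryptedKey nor any KeyInfo and the receiver has no way to locate the key; as far as the visible hunks show, nothing rejects that combination. Fail fast before encrypting: `if (encryptedKeyElement == null && keyIdentifierType != WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER) { throw new WSSecurityException(WSSecurityException.FAILURE, "noKeySupplied"); }` (or a more specific message key if one exists). The remaining branches of doEncryption are outside this hunk, so confirm none of them covers this case. The build() method starts before this hunk.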
@@ -333,14 +321,14 @@
* creates and initializes a new Reference element.
*
* @param dataRef A <code>xenc:Reference</code> element or
<code>null</code>
- * @param references A vector containing WSEncryptionPart objects
+ * @param references A list containing WSEncryptionPart objects
* @return Returns the updated <code>xenc:Reference</code> element
* @throws WSSecurityException
*/
- public Element encryptForInternalRef(Element dataRef, Vector references)
+ public Element encryptForInternalRef(Element dataRef, List references)
throws WSSecurityException {
- Vector encDataRefs =
- doEncryption(document, this.symmetricKey, references);
+ List encDataRefs =
+ doEncryption(document, symmetricKey, references);
Element referenceList = dataRef;
if (referenceList == null) {
referenceList =
@@ -370,15 +358,15 @@
* creates and initializes a new Reference element.
*
* @param dataRef A <code>xenc:Reference</code> element or
<code>null</code>
- * @param references A vector containing WSEncryptionPart objects
+ * @param references A list containing WSEncryptionPart objects
* @return Returns the updated <code>xenc:Reference</code> element
* @throws WSSecurityException
*/
- public Element encryptForExternalRef(Element dataRef, Vector references)
+ public Element encryptForExternalRef(Element dataRef, List references)
throws WSSecurityException {
- Vector encDataRefs =
- doEncryption(document, this.symmetricKey, references);
+ List encDataRefs =
+ doEncryption(document, symmetricKey, references);
Element referenceList = dataRef;
if (referenceList == null) {
referenceList =
@@ -418,14 +406,12 @@
WSSecurityUtil.prependChildElement(secHeader.getSecurityHeader(),
dataRef);
}
- private Vector doEncryption(Document doc, SecretKey secretKey, Vector
references)
+ private List doEncryption(Document doc, SecretKey secretKey, List
references)
throws WSSecurityException {
KeyInfo keyInfo = null;
- // Prepare KeyInfo if useKeyIdentifier is set
- if (useKeyIdentifier &&
- keyIdentifierType == WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER) {
+ if (keyIdentifierType == WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER) {
keyInfo = new KeyInfo(document);
SecurityTokenReference secToken = new
SecurityTokenReference(document);
secToken.addWSSENamespace();
@@ -445,11 +431,11 @@
return doEncryption(doc, secretKey, keyInfo, references);
}
- private Vector doEncryption(
+ private List doEncryption(
Document doc,
SecretKey secretKey,
KeyInfo keyInfo,
- Vector references
+ List references
) throws WSSecurityException {
XMLCipher xmlCipher = null;
@@ -482,7 +468,7 @@
);
}
- Vector encDataRef = new Vector();
+ List encDataRef = new Vector();
for (int part = 0; part < references.size(); part++) {
WSEncryptionPart encPart = (WSEncryptionPart) references.get(part);
@@ -595,25 +581,25 @@
// (password) for this algorithm, and set the cipher into encryption
// mode.
//
- if (this.symmetricKey == null) {
+ if (symmetricKey == null) {
if (embeddedKey == null) {
throw new WSSecurityException(WSSecurityException.FAILURE,
"noKeySupplied");
}
- this.symmetricKey = WSSecurityUtil.prepareSecretKey(symEncAlgo,
embeddedKey);
+ symmetricKey = WSSecurityUtil.prepareSecretKey(symEncAlgo,
embeddedKey);
}
KeyInfo keyInfo = null;
- if (this.keyIdentifierType == WSConstants.EMBEDDED_KEYNAME) {
+ if (keyIdentifierType == WSConstants.EMBEDDED_KEYNAME) {
keyInfo = new KeyInfo(doc);
keyInfo.addKeyName(embeddedKeyName == null ? user :
embeddedKeyName);
- } else if (this.keyIdentifierType ==
WSConstants.EMBED_SECURITY_TOKEN_REF) {
+ } else if (keyIdentifierType == WSConstants.EMBED_SECURITY_TOKEN_REF) {
//
// This means that we want to embed a <wsse:SecurityTokenReference>
// into keyInfo element. If we need this functionality, this.secRef
// MUST be set before calling the build(doc, crypto) method. So if
// secRef is null then throw an exception.
//
- if (this.securityTokenReference == null) {
+ if (securityTokenReference == null) {
throw new WSSecurityException(
WSSecurityException.SECURITY_TOKEN_UNAVAILABLE,
"You must set keyInfo element, if the keyIdentifier ==
EMBED_SECURITY_TOKEN_REF"
@@ -632,9 +618,9 @@
WSConstants.XMLNS_NS, "xmlns:" + WSConstants.SIG_PREFIX,
WSConstants.SIG_NS
);
- String soapNamespace = WSSecurityUtil.getSOAPNamespace(envelope);
if (parts == null) {
parts = new Vector();
+ String soapNamespace = WSSecurityUtil.getSOAPNamespace(envelope);
WSEncryptionPart encP =
new WSEncryptionPart(
WSConstants.ELEM_BODY,
@@ -643,7 +629,7 @@
);
parts.add(encP);
}
- Vector encDataRefs = doEncryption(doc, this.symmetricKey, keyInfo,
parts);
+ List encDataRefs = doEncryption(doc, symmetricKey, keyInfo, parts);
//
// At this point data is encrypted with the symmetric key and can be
@@ -702,7 +688,7 @@
public static Element createDataRefList(
Document doc,
Element referenceList,
- Vector encDataRefs
+ List encDataRefs
) {
for (int i = 0; i < encDataRefs.size(); i++) {
String dataReferenceUri = (String) encDataRefs.get(i);
@@ -756,7 +742,7 @@
private String getSHA1(byte[] input) throws WSSecurityException {
try {
- MessageDigest sha = MessageDigest.getInstance("SHA-1");
+ MessageDigest sha = WSSecurityUtil.resolveMessageDigest();
sha.reset();
sha.update(input);
byte[] data = sha.digest();
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java?rev=768930&r1=768929&r2=768930&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java
(original)
+++
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java
Mon Apr 27 11:33:51 2009
@@ -243,10 +243,10 @@
// session key
//
encryptedKeyElement = createEncryptedKey(document, keyEncAlgo);
- if(this.encKeyId == null || "".equals(this.encKeyId)) {
- this.encKeyId = "EncKeyId-" + UUIDGenerator.getUUID();
+ if(encKeyId == null || "".equals(encKeyId)) {
+ encKeyId = "EncKeyId-" + UUIDGenerator.getUUID();
}
- encryptedKeyElement.setAttributeNS(null, "Id", this.encKeyId);
+ encryptedKeyElement.setAttributeNS(null, "Id", encKeyId);
KeyInfo keyInfo = new KeyInfo(document);
@@ -315,9 +315,6 @@
protected byte[] generateEphemeralKey() throws WSSecurityException {
try {
final SecureRandom r = WSSecurityUtil.resolveSecureRandom();
- if (r == null) {
- throw new WSSecurityException("Random generator is not
initialzed.");
- }
byte[] temp = new byte[this.keySize / 8];
r.nextBytes(temp);
return temp;
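Review bot: The removed null guard on `WSSecurityUtil.resolveSecureRandom()` is only safe if that helper can no longer return null; if it still can, `r.nextBytes(temp)` now throws NullPointerException instead of the WSSecurityException callers expect. If the helper now throws NoSuchAlgorithmException instead, say so at the call site: `// resolveSecureRandom() throws rather than returning null — TODO confirm`. The catch clause of this try is outside the hunk, so I cannot tell whether it would translate the NPE.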
@@ -458,8 +455,8 @@
* @return Returns the BinarySecurityToken element.
*/
public Element getBinarySecurityTokenElement() {
- if (this.bstToken != null) {
- return this.bstToken.getElement();
+ if (bstToken != null) {
+ return bstToken.getElement();
}
return null;
}
@@ -490,11 +487,11 @@
* BinaruSecurityToken element.
*/
public String getBSTTokenId() {
- if (this.bstToken == null) {
+ if (bstToken == null) {
return null;
}
- return this.bstToken.getID();
+ return bstToken.getID();
}
/**
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java?rev=768930&r1=768929&r2=768930&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java
(original)
+++
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java
Mon Apr 27 11:33:51 2009
@@ -57,6 +57,7 @@
import java.security.cert.X509Certificate;
import java.util.HashSet;
+import java.util.List;
import java.util.Set;
import java.util.Vector;
@@ -482,13 +483,13 @@
* times to add references as required. <code>addReferencesToSign()</code>
* can be called any time after <code>prepare</code>.
*
- * @param references A vector containing <code>WSEncryptionPart</code>
objects
+ * @param references A list containing <code>WSEncryptionPart</code>
objects
* that define the parts to sign.
* @param secHeader Used to compute namespaces to be inserted by
* InclusiveNamespaces to be WSI compliant.
* @throws WSSecurityException
*/
- public void addReferencesToSign(Vector references, WSSecHeader secHeader)
+ public void addReferencesToSign(List references, WSSecHeader secHeader)
throws WSSecurityException {
Element envelope = document.getDocumentElement();
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java?rev=768930&r1=768929&r2=768930&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java
(original)
+++
webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java
Mon Apr 27 11:33:51 2009
@@ -397,7 +397,7 @@
Document doc = this.element.getOwnerDocument();
MessageDigest sha = null;
try {
- sha = MessageDigest.getInstance("SHA-1");
+ sha = WSSecurityUtil.resolveMessageDigest();
} catch (NoSuchAlgorithmException e1) {
throw new WSSecurityException(
WSSecurityException.FAILURE, "noSHA1availabe", null, e1
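Review bot: Now that `sha` comes from a shared cached instance rather than a fresh `MessageDigest.getInstance`, this hunk needs an explicit `sha.reset();` before the first `update()` unless the remainder of the method (outside the hunk) already does it; a previous caller that threw mid-digest leaves buffered bytes that would be folded into this key identifier. Add `sha.reset();` directly after the try/catch. The enclosing method starts before this hunk.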
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java?rev=768930&r1=768929&r2=768930&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java
(original)
+++
webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java
Mon Apr 27 11:33:51 2009
@@ -470,7 +470,7 @@
System.arraycopy(b3, 0, b4, offset, b3.length);
- MessageDigest sha = MessageDigest.getInstance("SHA-1");
+ MessageDigest sha = WSSecurityUtil.resolveMessageDigest();
sha.reset();
sha.update(b4);
passwdDigest = Base64.encode(sha.digest());
@@ -645,7 +645,7 @@
MessageDigest sha = null;
try {
- sha = MessageDigest.getInstance("SHA-1");
+ sha = WSSecurityUtil.resolveMessageDigest();
} catch (NoSuchAlgorithmException e) {
if (DO_DEBUG) {
LOG.debug(e.getMessage(), e);
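Review bot: Unlike the first UsernameToken hunk, which calls `sha.reset()` before `update()`, this one obtains the shared cached digest and, within the visible lines, never resets it; if the rest of the method (outside the hunk) does not reset either, stale buffered data from another caller corrupts the value. Add `sha.reset();` after the try/catch. The enclosing method starts before and ends after this hunk.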
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedDataProcessor.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedDataProcessor.java?rev=768930&r1=768929&r2=768930&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedDataProcessor.java
(original)
+++
webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedDataProcessor.java
Mon Apr 27 11:33:51 2009
@@ -111,10 +111,12 @@
}
QName el = new QName(decryptedElem.getNamespaceURI(),
decryptedElem.getLocalName());
Processor proc = config.getProcessor(el);
- proc.handleToken(
- decryptedElem, crypto, decCrypto, cb, wsDocInfo,
returnResults, config
- );
- wsDocInfo.setProcessor(proc);
+ if (proc != null) {
+ proc.handleToken(
+ decryptedElem, crypto, decCrypto, cb, wsDocInfo,
returnResults, config
+ );
+ wsDocInfo.setProcessor(proc);
+ }
}
}
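Review bot: The new `if (proc != null)` turns a NullPointerException into a silent skip, so a decrypted element in the security header for which no processor is registered is now accepted without any record that it was ignored. At least log it so a misconfiguration or an unexpected token type is visible, e.g. `} else if (log.isDebugEnabled()) { log.debug("No processor registered for decrypted element " + el); }` — assuming this class has a logger like the other processors; confirm. The enclosing loop and method start before this hunk.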
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/saml/WSSecSignatureSAML.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/saml/WSSecSignatureSAML.java?rev=768930&r1=768929&r2=768930&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/org/apache/ws/security/saml/WSSecSignatureSAML.java
(original)
+++
webservices/wss4j/trunk/src/org/apache/ws/security/saml/WSSecSignatureSAML.java
Mon Apr 27 11:33:51 2009
@@ -57,6 +57,7 @@
import java.security.cert.X509Certificate;
import java.util.Iterator;
+import java.util.List;
import java.util.Set;
import java.util.Vector;
@@ -481,14 +482,14 @@
* can be called anytime after <code>prepare</code>.
*
* @param references
- * A vector containing <code>WSEncryptionPart</code> objects
+ * A list containing <code>WSEncryptionPart</code> objects
* that define the parts to sign.
* @param secHeader
* Used to compute namespaces to be inserted by
* InclusiveNamespaces to be WSI compliant.
* @throws WSSecurityException
*/
- public void addReferencesToSign(Vector references, WSSecHeader secHeader)
+ public void addReferencesToSign(List references, WSSecHeader secHeader)
throws WSSecurityException {
Transforms transforms = null;
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java?rev=768930&r1=768929&r2=768930&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java
(original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java
Mon Apr 27 11:33:51 2009
@@ -45,6 +45,7 @@
import javax.crypto.spec.SecretKeySpec;
import javax.xml.namespace.QName;
+import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Iterator;
@@ -68,6 +69,12 @@
private static String randomAlgorithm = null;
/**
+ * A cached MessageDigest object
+ */
+ private static MessageDigest digest = null;
+ private static String digestAlgorithm = null;
+
+ /**
* Returns the first WS-Security header element for a given actor. Only one
* WS-Security header is allowed for an actor.
*
@@ -920,6 +927,32 @@
}
/**
+ * @return a MessageDigest instance initialized with the "SHA-1"
+ * algorithm identifier
+ */
+ public static MessageDigest
+ resolveMessageDigest() throws NoSuchAlgorithmException {
+ return resolveMessageDigest("SHA-1");
+ }
+
+ /**
+ * @param algorithm
+ *
+ * @return a MessageDigest instance initialized with the identifier
+ * specified in algorithm
+ */
+ public synchronized static MessageDigest
+ resolveMessageDigest(
+ final String algorithm
+ ) throws NoSuchAlgorithmException {
+ if (digest == null || !algorithm.equals(digestAlgorithm)) {
+ digest = MessageDigest.getInstance(algorithm);
+ digestAlgorithm = algorithm;
+ }
+ return digest;
+ }
+
+ /**
* @return a list of child Nodes
*/
public static java.util.List
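Review bot: The `digest` instance returned by resolveMessageDigest is a single shared, stateful MessageDigest, and `synchronized` only guards the lookup: two callers that go on to call update()/digest() on it at the same time interleave their input and get a wrong hash, which for a value presumably used as the EncryptedKeySHA1 identifier means a silent key-resolution mismatch rather than a loud failure. Either drop the cache and return a fresh object, `return MessageDigest.getInstance(algorithm);` (which also makes the static `digest`/`digestAlgorithm` fields added in the earlier hunk of this file unnecessary), or keep the instance private and expose a `static synchronized byte[]` helper that calls reset()/update()/digest() under the lock so the shared object never escapes. The Javadoc on the fields hunk, "A cached MessageDigest object", does not cover `digestAlgorithm`, and the `@param algorithm` tag here is empty; it should state that it is a JCA digest algorithm name such as "SHA-1" and that a NoSuchAlgorithmException is thrown when no provider supports it. As a point of style, `public synchronized static` is conventionally written `public static synchronized`.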
Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityEncryptionParts.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityEncryptionParts.java?rev=768930&r1=768929&r2=768930&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityEncryptionParts.java
(original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityEncryptionParts.java Mon
Apr 27 11:33:51 2009
@@ -50,6 +50,7 @@
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
+import java.util.List;
import java.util.Vector;
/**
@@ -132,7 +133,7 @@
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
- Vector parts = new Vector();
+ List parts = new Vector();
WSEncryptionPart encP =
new WSEncryptionPart(
"foobar",
@@ -183,7 +184,7 @@
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
- Vector parts = new Vector();
+ List parts = new Vector();
WSEncryptionPart encP =
new WSEncryptionPart(
"foobar",
@@ -219,7 +220,7 @@
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
- Vector parts = new Vector();
+ List parts = new Vector();
WSEncryptionPart encP =
new WSEncryptionPart(
"foobar2",
@@ -251,7 +252,7 @@
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
- Vector parts = new Vector();
+ List parts = new Vector();
WSEncryptionPart encP =
new WSEncryptionPart(
"foobar",
@@ -285,7 +286,7 @@
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
- Vector parts = new Vector();
+ List parts = new Vector();
WSEncryptionPart encP =
new WSEncryptionPart(
soapConstants.getBodyQName().getLocalPart(), // define the
body
Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityNew14.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityNew14.java?rev=768930&r1=768929&r2=768930&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityNew14.java (original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityNew14.java Mon Apr 27
11:33:51 2009
@@ -43,6 +43,8 @@
import java.io.IOException;
import java.io.InputStream;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
@@ -74,6 +76,8 @@
private Crypto crypto = CryptoFactory.getInstance();
private MessageContext msgContext;
private SOAPEnvelope unsignedEnvelope;
+ private byte[] keyData;
+ private SecretKey key;
/**
* TestWSSecurity constructor
@@ -105,6 +109,11 @@
AxisClient tmpEngine = new AxisClient(new NullProvider());
msgContext = new MessageContext(tmpEngine);
unsignedEnvelope = getSOAPEnvelope();
+
+ KeyGenerator keyGen = KeyGenerator.getInstance("AES");
+ keyGen.init(128);
+ key = keyGen.generateKey();
+ keyData = key.getEncoded();
}
/**
@@ -214,7 +223,6 @@
WSSecEncrypt builder = new WSSecEncrypt();
builder.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e",
"security");
builder.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
- builder.setUseKeyIdentifier(true);
LOG.info("Before Encrypting EncryptedKeySHA1....");
Document doc = unsignedEnvelope.getAsDocument();
@@ -233,6 +241,68 @@
LOG.info("After Encrypting EncryptedKeySHA1....");
verify(encryptedDoc);
}
+
+
+ /**
+ * Test that encrypts using EncryptedKeySHA1, where it uses a symmetric
key, rather than a
+ * generated session key which is then encrypted using a public key.
+ *
+ * @throws java.lang.Exception Thrown when there is any problem in
encryption or decryption
+ */
+ public void testEncryptionSHA1Symmetric() throws Exception {
+ WSSecEncrypt builder = new WSSecEncrypt();
+
builder.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
+ builder.setSymmetricKey(key);
+ builder.setEncryptSymmKey(false);
+
+ LOG.info("Before Encrypting EncryptedKeySHA1....");
+ Document doc = unsignedEnvelope.getAsDocument();
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+ Document encryptedDoc = builder.build(doc, crypto, secHeader);
+
+ String outputString =
+
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(encryptedDoc);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Encrypted message with ENCRYPTED_KEY_SHA1_IDENTIFIER:");
+ LOG.debug(outputString);
+ }
+ assertTrue(outputString.indexOf("#EncryptedKeySHA1") != -1);
+
+ LOG.info("After Encrypting EncryptedKeySHA1....");
+ verify(encryptedDoc);
+ }
+
+
+ /**
+ * Test that encrypts using EncryptedKeySHA1, where it uses a symmetric
key (bytes),
+ * rather than a generated session key which is then encrypted using a
public key.
+ *
+ * @throws java.lang.Exception Thrown when there is any problem in
encryption or decryption
+ */
+ public void testEncryptionSHA1SymmetricBytes() throws Exception {
+ WSSecEncrypt builder = new WSSecEncrypt();
+
builder.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
+ builder.setEphemeralKey(keyData);
+ builder.setEncryptSymmKey(false);
+
+ LOG.info("Before Encrypting EncryptedKeySHA1....");
+ Document doc = unsignedEnvelope.getAsDocument();
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+ Document encryptedDoc = builder.build(doc, crypto, secHeader);
+
+ String outputString =
+
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(encryptedDoc);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Encrypted message with ENCRYPTED_KEY_SHA1_IDENTIFIER:");
+ LOG.debug(outputString);
+ }
+ assertTrue(outputString.indexOf("#EncryptedKeySHA1") != -1);
+
+ LOG.info("After Encrypting EncryptedKeySHA1....");
+ verify(encryptedDoc);
+ }
/**
* Verifies the soap envelope.
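Review bot: Neither new test checks what the commit says the feature changes, that no EncryptedKey element is written into the security header when the symmetric key is supplied directly; both only assert that `#EncryptedKeySHA1` appears and that verify() succeeds, which the existing EncryptedKeySHA1 test above already covers. A negative assertion on the serialized document, e.g. `assertTrue(outputString.indexOf("EncryptedKey>") == -1);` (the exact tag text depends on how the document is serialized, so it should be confirmed against the output), would pin the new behaviour. testEncryptionSHA1Symmetric and testEncryptionSHA1SymmetricBytes differ only in `builder.setSymmetricKey(key)` versus `builder.setEphemeralKey(keyData)`; the remaining lines could move into a private helper that takes the configured builder. The Javadoc of both should also mention that the key is the AES key generated in setUp and that verify() depends on the callback handler returning the same key bytes.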
@@ -257,6 +327,7 @@
* for Testing we supply a fixed name here.
*/
pc.setPassword("security");
+ pc.setKey(keyData);
} else {
throw new UnsupportedCallbackException(callbacks[i],
"Unrecognized Callback");
}
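Review bot: `pc.setKey(keyData)` is applied to every password callback regardless of `pc.getUsage()` or `pc.getIdentifier()`, so the handler hands out the symmetric key even when the processor asked for a password, and the tests cannot tell whether the processor actually matched the EncryptedKeySHA1 identifier against the key it was given. For a fixture that is acceptable, but a comment should say so, e.g. `// test fixture: always return the AES key from setUp; a real handler selects the key by pc.getIdentifier()`. The enclosing handle() method begins outside the hunk.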
Modified: webservices/wss4j/trunk/test/wssec/TestWSSecuritySignatureParts.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecuritySignatureParts.java?rev=768930&r1=768929&r2=768930&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecuritySignatureParts.java
(original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecuritySignatureParts.java Mon
Apr 27 11:33:51 2009
@@ -48,6 +48,7 @@
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
+import java.util.List;
import java.util.Vector;
import javax.xml.namespace.QName;
@@ -132,7 +133,7 @@
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
- Vector parts = new Vector();
+ List parts = new Vector();
WSEncryptionPart encP =
new WSEncryptionPart(
"foobar",
@@ -183,7 +184,7 @@
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
- Vector parts = new Vector();
+ List parts = new Vector();
WSEncryptionPart encP =
new WSEncryptionPart(
"foobar2",
@@ -214,7 +215,7 @@
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
- Vector parts = new Vector();
+ List parts = new Vector();
WSEncryptionPart encP =
new WSEncryptionPart(
"foobar",
@@ -247,7 +248,7 @@
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
- Vector parts = new Vector();
+ List parts = new Vector();
WSEncryptionPart encP =
new WSEncryptionPart(
soapConstants.getBodyQName().getLocalPart(), // define the
body